<?php
// Start (or resume) the session before anything is written to the response.
session_start();

// Project includes. html_head() and menu() used further down are not defined
// in this file, so they presumably come from one of these (not visible here).
include 'dbConn.php';
include 'nav.inc.php';

// Page state taken from the request: '0' (the default when the parameter is
// absent) renders the login form, '1' processes a submitted login.
// $_REQUEST is used, so the value is not restricted to POST.
$next_page = isset($_REQUEST['next_page']) ? $_REQUEST['next_page'] : '0';

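html_head('Administration - Login');
	// Initial view: render the credential form, which posts back to this same
	// script with next_page=1 so that the login handler runs.
	if ($next_page == '0') {
		// SCRIPT_NAME is derived by the server, but it is still encoded for the
		// attribute context so an unusual path cannot break out of action='...'.
		$form_action = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES);

		// NOTE(review): the form carries no anti-CSRF token. Adding one needs a
		// matching check in the code that handles the POST.
		echo("<div class='content' style='margin-left:350px'>");
		echo("<form name='main' action='" . $form_action . "' method='post'>\n");

		// The original emitted maxlength='50'name='...' with no separating
		// whitespace between the attributes; each tag is now written in one piece.
		echo("Kennung:<br>");
		echo("<input type='text' size='24' maxlength='50' name='kennung'><br><br>\n");

		echo("Passwort:<br>");
		echo("<input type='password' size='24' maxlength='50' name='password'><br>");

		echo("<input type='submit' value='Login'>");
		echo("<input type='hidden' name='next_page' value='1' />\n");
		echo("</form>");
		echo("</div>\n");
	}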
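	// Credential check: runs when the request carries next_page=1.
	// On success the account's m_lang and m_id are stored in the session.
	if ($next_page == '1') {
		// Accept only plain string fields. A non-string value makes md5()
		// return NULL, and the original loose comparison then treated NULL as
		// equal to the NULL read from a missing row.
		$kennung = (isset($_POST['kennung']) && is_string($_POST['kennung'])) ? $_POST['kennung'] : '';
		$password_input = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : null;

		$row = false;
		$passwort = null;
		if ($kennung !== '' && $password_input !== null) {
			// NOTE(review): unsalted MD5 is not a password hash. It is kept only
			// because the stored values use it; migrate the column to
			// password_hash()/password_verify() and rehash on next login.
			$passwort = md5($password_input);

			// The login name was previously interpolated raw into the query
			// (SQL injection). ext/mysql offers no prepared statements, so the
			// value is escaped on the current connection instead.
			// NOTE(review): assumes the connection charset is set with
			// mysql_set_charset() in dbConn.php - confirm. ext/mysql is removed
			// in PHP 7; mysqli/PDO prepared statements are the long-term fix.
			$kennung_sql = mysql_real_escape_string($kennung);

			// '=' instead of LIKE: with LIKE, '%' and '_' in the submitted name
			// act as wildcards and the lookup is not tied to one exact account.
			$request = "SELECT m_lang, password, m_id FROM mitarbeiter WHERE kennung = '$kennung_sql' LIMIT 1";
			$result = mysql_query($request);
			if ($result === false) {
				// Keep database error details in the server log, not the page.
				error_log('Login query failed: ' . mysql_error());
				die('Interner Fehler.');
			}
			$row = mysql_fetch_object($result);
		}

		// Strict comparison: '==' compares numeric-looking hex digests ("0e...")
		// as numbers. Where PHP >= 5.6 is guaranteed, hash_equals() additionally
		// makes the comparison constant-time.
		if (is_object($row) && is_string($row->password) && $row->password === $passwort) {
			// Issue a fresh session id on privilege change (session fixation).
			// html_head() has normally produced output by now, so without
			// output buffering this is skipped; running the credential check
			// before html_head() is the complete fix.
			if (!headers_sent()) {
				session_regenerate_id(true);
			}
			$_SESSION['username'] = $row->m_lang;
			$_SESSION['userid'] = $row->m_id;
			menu();
			echo("<div class='content' style='margin-left:350px'>");
			echo "Login erfolgreich. <br> ";
			echo("</div>");
		}
		else {
			// One generic message for every failure, so the response does not
			// reveal whether the login name exists.
			echo("<div class='content' style='margin-left:350px'>");
			echo "Benutzername und/oder Passwort waren falsch. <a href=\"login.php\">Login</a>";
			echo("</div>");
		}
	}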

?> 